The company was purchased by Thales Group in April 2019 and is now operating as Thales DIS (Digital Identity and Security).[2] Gemalto was until its acquisition the world's largest manufacturer of SIM cards.[3]
Thales DIS is headquartered in Amsterdam, The Netherlands, and has subsidiaries and group companies in several countries. It has approximately 15,000 employees in 110 offices along with 24 production sites, 47 personalization centers, and 35 R&D centers in 47 countries.[1]
History
In June 2006, smart card providers Gemplus and Axalto merged to become Gemalto (a portmanteau of the original company names.) Axalto was a Schlumberger IPO spin-off in 2004.
Between the merger and 2015, Gemalto completed a series of acquisitions: the Leigh Mardon's personalization center (Taiwan), Multos International, NamITech in South Africa, NXP mobile services business, the mobile software solution[buzzword] provider O3SIS, Trusted Logic (the secure software platform provider), Serverside (personalization of bank cards with digital images generated by end users), XIRING's banking activity, Netsize (a mobile communications service and commerce enabler), Valimo Wireless, a provider in mobile authentication, the internet banking security specialist Todos AB in Sweden, Cinterion the German specialist of machine-to-machine (M2M),[4] SensorLogic (an M2M service delivery platform provider), Plastkart in Turkey, Ericsson’s mobile payment platform IPX,[5] the information security company SafeNet and Buzzinbees, the automatic SIM activation expert.[6]
Axalto and Schlumberger
Schlumberger began its chip card activities in February 1979 when it licensed and marketed certain chip card technologies developed and patented by Roland Moreno, who is generally credited with the invention of the chip card.
Schlumberger developed the first telephone chip cards for France Telecom and the Swedish telecommunications operator Telia in the early 1980s. The company developed ties with telecommunications operators in several countries, and played a role in industry-wide efforts to develop new digital mobile communication standards, particularly the GSM transmission standard (Global System for Mobile Communication). Schlumberger designed its first SIM card in the early 1990s for the launch of GSM in Europe, and this led to the use of microprocessor card technology as an access and security solution[buzzword] for mobile telephony worldwide, in 3 billion handsets today.[7]
In the early 1980s, the French banking sector decided to migrate from the magnetic stripe card-based payment system to a more modern and secure microprocessor card-based system. Schlumberger received its first contract in June 1981 to provide GIE Cartes Bancaires, the French credit/debit card issuers’ association, with 5,000 microprocessor cards and 200 associated POS terminals. The microprocessor card-based payment system subsequently became standard in France and eventually led to a global standard known as EMV, set up by Europay, MasterCard and Visa.
Schlumberger experienced internal and external growth since the launch of its chip card operations in the early 1980s through the 1990s and 2000s, both in terms of revenue and product portfolio, particularly with the substantial growth in GSM-based mobile telecommunications. Acquisitions of regional companies in card production and personalization included Cowells (United Kingdom), Malco (United States), Printer (Mexico) and Cardtech (Brazil), followed by Solaic in 1996 and Bull-CP8 from Bull in 2001, in France and China.
In 2003, Schlumberger created Axalto as a division to consolidate into one company all of its card and POS terminal activities, which until then had been managed by several subsidiaries and joint ventures of the Schlumberger group. Subsequently, Axalto was listed on the Euronext Paris market on May 18, 2004.
Founded by Marc Lassus, Daniel Le Gal, Philippe Maes, Jean-Pierre Gloton and Gilles Lisimaque, Gemplus started its operations in 1988 as a supplier of prepaid phonecards. Because of its presence in the market of the prepaid phonecards during the 1990s, the company developed ties with the telecommunications industry along with Schlumberger.
Prior to 1999, the business was conducted through Gemplus S.C.A., a French limited partnership. In December 1999, Gemplus Associates, the general partner of Gemplus S.C.A., merged into Gemplus S.C.A., which became a joint stock company, Gemplus SA. In February 2000, the corporate structure was reorganized and a new holding company, Gemplus International SA, a Luxembourg corporation, was created. Texas Pacific Group became a shareholder of Gemplus at the time of its equity contribution in February 2000.
In December 2000, the company completed an initial public offering of its capital stock, in the form of ordinary shares traded on the Eurolist of Euronext Paris, and ADSs traded on the U.S. NASDAQ exchange. In 2004, the company completed the planned reorganization of its corporate structure by transferring most of the subsidiaries of Gemplus SA to Gemplus International SA.
In April 2005, Gemplus acquired Setec Oy, a company headquartered in Finland that, among other things, supplies conventional and electronic travel passports to various government agencies and products involving secure printing.
In June 2006, smart card providers Axalto and Gemplus merged to become Gemalto.[8]
Android patent lawsuit
In October 2010, Gemalto filed a lawsuit against Google, Samsung, HTC and Motorola over the Android operating system in the Eastern District of Texas.[9] Gemalto said that Android phones had memory-utilization features that it had first developed and patented, and accused the defendant companies of infringing three of its patents. Ars Technica quoted ING[clarification needed] analysts who estimated that winning this lawsuit could potentially bring the company royalty receipts amounting to 30-50 million Euros per annum. However, in June 2014, a panel of judges in the US Court of Appeals for the Federal Circuit ruled in favor of the defendants that Android phones don't infringe on those patents.[10]
Acquisition by Thales
In December 2017, Gemalto was the subject of a bid from the Thales Group for €4.8 billion.[11] This was subsequently approved by the board of directors subject to international clearance. The acquisition was completed in April 2019 not before Thales had to offload the Thales General Purpose HSM unit to Entrust Datacard . This was as part of the agreement with EU competition commission for the necessary regulatory clearance to the acquisition.
Corruption
In February 2023, Gemalto was the subject of a judicial investigation for "corruption" and "criminal association" concerning a dozen government contracts in six countries on the African continent.[1].
Structure
Gemalto N.V. is the holding company of the Group. The Company's authorized share capital amounts to €150 million and is divided into 150 million ordinary shares, with a nominal value of €1 per share. As of October 2012, out of these 150 million shares that are authorized to be issued by the Board, 88,015,844 shares were actually issued and in circulation. Since 2006, Gemalto comprises three market-focused divisions—Telecommunications, secure transactions and Security, as well as functional organizations for marketing; operations including both production and research and development; finance; human resources and legal.
Acquisition by Thales
In April 2019, Thales finished their acquisition of Gemalto for €4.8bn. Gemalto will become Thales' 7th global division which will be named Digital Identity and Security (DIS).[12]
Telecommunications
Gemalto provides software solutions[buzzword], subscriber identity modules (SIM) and managed services to more than 700 million subscribers in the telecommunications market. Gemalto has more than 400 mobile telecom operator customers worldwide.[citation needed]
In 2007, Gemalto organized the telecom business into four lines—secure operated services, advanced products and data services, value-added products and service deployment, and SIM cards.
Every year since 2000, Axalto and then Gemalto organized the "SIMagine" contest, the Worldwide Mobile Communication & Java Card Developers Contest, aimed at stimulating innovations using SIM-based solutions.[buzzword] Sponsors include Samsung Semiconductor Europe and Sun Microsystems.
In 2016, following the Buzzinbees acquisition, it introduced the concept of SIM reactivation[13] whereby operators can let users reuse expired SIM cards instead of purchasing new ones when they wish to re-subscribe to that operator.
Near field communications (NFC) and mobile payment
On October 30, 2008, Royal Bank of Canada, Visa and Rogers Wireless jointly announced that they were working together on the next phase of the mobile phone payment pilot, testing wireless delivery of mobile payment software and credit card information to a customer's mobile phone. The companies announced that Gemalto would provide this capability by acting as the trusted service manager to bridge banking with mobile phones. Gemalto's role is to manage the transfer of credit card information from RBC to the secure SIM card in the Rogers Wireless NFC-enabled mobile phone.[14]
Gemalto has played the TSM role in other NFC pilots in several countries, including France and Taiwan. In November 2007, Gemalto partnered with Taiwan's Far EasTone Telecommunications Ltd. to start Asia's first mobile contactless SIM-based NFC trial, as part of the GSM Association’s "Pay-Buy Mobile" initiative.
Mobile signatures
In November 2008, Turkcell, a mobile operator in Turkey, began using Gemalto's SIM-based mobile signature solution[buzzword]. The solution[buzzword] allows the 30 million Turkcell subscribers to access services that require strong authentication, such as internet banking or e-government services using their mobile phones to generate a legally binding electronic signature.
Banking & Payment
Gemalto supplies contact, hybrid, dual interface and contactless cards, EMV chip cards, payment terminals, and user authentication solutions for secure online banking. Via Gemplus Associates, it also invested in tokenization and Mondex, including Mondex in South Korea.
According to the Nilson report, Gemalto is the largest provider of chip cards, selling 1.5 billion chip cards, representing 49 percent of the market. At the start of 2010 in Germany 20 million ATM cards and 3.5 million credit cards were hit by an end-of-the-decade programming glitch which prevented them working.[15]
As of November 2008, Gemalto's Instant Issuance service has been installed in over 300 shopping malls worldwide, enabling one million credit cards to be issued on the spot per year.[19]
CardLikeMe
In July 2008, Gemalto began providing its CardLikeMe service to PlasticNow in Canada, giving consumers the ability to customize their card with the photo of their choice.[20]
eBanking and eCommerce security
Following its acquisition of Swedish security firm Todos AB in April 2010,[21] Gemalto eBanking provides a range of eBanking and eCommerce security solutions[buzzword] under the Ezio brand name.[22] The Ezio Suite includes:
Authentication devices including smart card readers and tokens[25]
Mobile phone authentication using SIM, apps or SMS[25]
Gemalto eBanking supports the Ezio Suite with services including implementation, security audit, design and consulting, training, fulfilment and support.[26]
As of July 2008, more than one million Barclays customers are using Gemalto's cryptographic smart card reader, called PINsentry by Barclays for strong authentication for online banking.[28]
FINO PayTech Limited
In June 2007, The Financial Information Network and Operations Ltd. (FINO PayTech Limited) in India began deploying Gemalto smart cards with biometric authentication. to enable microbanking and the underbanked population in rural India.[29]
Biometric cards
Starting from 2018, Gemalto introduced a range of biometric cards including fingerprint sensors.
In October 2019, biometric cards, equipped with fingerprint sensors, were delivered to NatWest in the UK in a project in partnership with Mastercard.[30]
In November 2019, biometric cards, equipped with fingerprint sensors, were delivered to Cornèrcard in Switzerland in a project in partnership with Visa.[31]
Security, public sector (e-Government)
e-Passports
Gemalto supplies electronic passport (e-passport) solutions to Australia, Colombia, Czech Republic, Denmark, Estonia, France, India, Italy, Latvia, Morocco, Norway, Poland, Portugal, Qatar, Singapore, Slovenia, Sweden, Turkey, Peru, Malaysia, United States and the United Kingdom among other countries.[32]
As of March 2007, Gemalto has provided technology to more than 10 million e-passports, making them the largest provider of e-passport solutions with an estimated 30 percent market share.[33]
In the United States, Gemalto is one of two vendors picked by the Government Printing Office to supply their e-passport program in 2007.
In September 2017, Gemalto announced that its biometric ePassport technology is currently being used in more than 30 different countries, including Algeria, Denmark, Finland, Hong Kong, France, Italy, Korea, Morocco, Norway, Peru, Portugal, Singapore, Sweden and the United States.[34][35][36]
e-Driver’s licenses
Mexico’s licensing authority (ICV) used Gemalto's smart card platform to issue the first e-driver's licenses to the city of Monterrey, Nuevo León, Mexico, in 2007. Gemalto expects to deliver more than 900,000 licenses to ICV over a three-year period.[37] Gemalto secured a new contract to supply electronic card driver's license to three additional Mexican states in April 2008.[38]
In December 2007, Gemalto began supplying Sweden with e-driver's licenses that contain a transparent window in the polycarbonate structure, aimed at enhanced physical security. Gemalto will supply Sweden with 600,000 e-driver's licenses per year for three years.[39]
e-ID Citizen cards
In February 2007, the Portuguese Mint and National Printing Office (INCM) picked Gemalto to provide their national e-ID Citizen Card. Gemalto provides the operating system, the personalization system and applications, the middleware and associated helpdesk services. All Portuguese citizens will ultimately carry these cards as their national ID document.[40]
e-Healthcare cards
In September 2007, Gemalto delivered its 100 millionth e-healthcare card. Gemalto has delivered e-healthcare cards in Algeria, Belgium, China, Finland, France, Germany Mexico, Puerto Rico, Slovenia, the United Kingdom, and the United States.
In July, Allgemeine Ortskrankenkasse (AOK), a German health insurer, also picked Gemalto to supply and personalize 35 million e-health insurance cards. The cards contain emergency data such as blood group, allergy alerts and ongoing treatments, and e-prescriptions.[41]
Gemalto has provided contactless payment technology to a nationwide transport project in the Netherlands, and citywide projects in Boston, Paris, London, São Paulo and Santiago.[44]
Gemalto has delivered more than 100 million transit cards internationally.[44]
In April 2008, Alternative Technology began offering Gemalto's on-demand Device Administration Service (DAS) through its network of 3,000 resellers in the United States and Canada.[46]
In April 2008, Envoy Data Corporation began offering Gemalto's on-demand Device
Administration Service (DAS) through its network of IT security specialized VARs.[47]
Pfizer
At Pfizer, 100,000 employees use Gemalto smart cards as badges.[48]
Virchow Krause
In July 2008, Gemalto began deploying Protiva .NET Dual tokens at Virchow Krause & Company LLP (VK), the 15th largest accounting firm in the United States.[49]
Microsoft partnership
Microsoft employees worldwide use Gemalto .NET smart card technology embedded in their corporate badge to enable access to Microsoft's own information systems.[50]
In June 2008, Gemalto announced that Instant Badge Issuance (IBI), a solution[buzzword] that works directly with Microsoft Active Directory and Identity Lifecycle Manager (ILM) to load digital certificates directly onto the smart card.[51]
At Microsoft's "Heroes Happen Here" event in February 2008, Gemalto and Microsoft demonstrated the only .NET smart card technology with support built into Microsoft Windows Server 2008.[52]
In November 2007, Gemalto made its .NET smart card, Protiva Strong Authentication Server and related Protiva credential devices, and other Windows Smart Card Framework-compatible products available for live simulation at the Microsoft Partner Solutions Center on Microsoft Corp.’s Redmond, Washington, campus.[53]
In November 2007, Gemalto attained Gold Certified Partner status in the Microsoft Partner Program.[54]
In 2006, Gemalto organized a Microsoft-sponsored contest, SecureTheWeb, for the best new development in secure personal devices for Web services, such as smart cards and one-time passwords (OTPs).[55]
Citrix Systems partnership
In December 2007, Gemalto announced that its Protiva platform were recognized by Citrix Systems as compatible with the Citrix Access Gateway.[56] This followed a previous announcement earlier in January 2007 that Gemalto’s .NET and Protiva solutions[buzzword] were recognized by Citrix Systems as compatible with its products.[57]
In January 2007, Gemalto was named a finalist for 2006 Solution Partner of the Year by Citrix Systems.[58]
Verisign
In February 2007, Gemalto announced that its Network Identity Manager (NIM) for online security would support the VeriSign Identity Protection (VIP) Network.[59]
Security breaches
3G/4G SIM card encryption key leak allegations
According to documents leaked by Edward Snowden, NSA's and GCHQ's Mobile Handset Exploitation Team[60] infiltrated Gemalto's infrastructure to steal SIM authentication keys, allowing them to secretly monitor mobile communications.[61] GCHQ codenamed the program "DAPINO GAMMA". The secret GCHQ document leaked by Snowden also claimed the ability to manipulate billing records to conceal their own activity and having access to authentication servers to decrypt voice calls and text messages.[61] Snowden stated that "When the NSA and GCHQ compromised the security of potentially billions of phones (3g/4g encryption relies on the shared secret resident on the sim), they not only screwed the manufacturer, they screwed all of us, because the only way to address the security compromise is to recall and replace every SIM sold by Gemalto."[62]
GCHQ and NSA declined to comment on the matter.[64] Gemalto issued a press release on February 25, 2015 saying there were "reasonable grounds to believe that an operation by NSA and GCHQ probably happened", but denying that the government agencies gained access to any authentication keys.[65][66]
Smart card weak key vulnerability
In October 2017, it was reported that Gemalto's IDPrime.NET smart cards, which are used internally by Microsoft and many other companies, were affected by the Infineon weak key vulnerability, leaving their private keys deducible to attackers.[67]